package Login;

import java.sql.*;

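/**
 * Demonstrates a login check against the {@code student} table and shows why a
 * {@link PreparedStatement} with bound parameters is not affected by input that
 * contains SQL quote characters.
 */
public class Test1 {

    /**
     * Runs {@link #login(String, String)} with a password value containing quote
     * characters and prints the result.
     *
     * @param args unused
     * @throws Exception if the driver cannot be loaded or the database call fails
     */
    public static void main(String[] args) throws Exception {
        String StuName = "小向";
        // Quote-breaking input. Spliced into a concatenated query it would close the
        // string literal and append "or 'b' = 'b'", making the WHERE clause always true.
        // Bound through a placeholder it is compared as one literal string, so this is
        // expected to print false unless a row really stores that exact text.
        String StuPwd = " a' or 'b' = 'b ";
        boolean flag = login(StuName, StuPwd);
        System.out.println(flag);
    }

    /**
     * Checks whether the {@code student} table holds a row whose name and password
     * both equal the supplied values.
     *
     * <p>The connection, statement and result set are opened in try-with-resources
     * blocks so they are closed on every path, including when the query throws.
     *
     * @param StuName user name to look up
     * @param StuPwd password to compare against the stored value
     * @return {@code true} if at least one matching row exists
     * @throws Exception if the driver class is missing or a JDBC call fails
     */
    public static boolean login(String StuName, String StuPwd) throws Exception {
        // Register the driver. Per the original author's note, driver jars newer than
        // MySQL 5 register themselves and this step can be omitted.
        Class.forName("com.mysql.jdbc.Driver");

        // UNSAFE variant, kept only as a counter-example: concatenating the arguments
        // into the SQL text lets the caller's input change the structure of the query.
        //   Statement stmt = conn.createStatement();
        //   String sql = "select * from student where StuName ='" + StuName
        //           + "' and StuPwd = '" + StuPwd + "'";
        //
        // Safe variant: the SQL text is fixed and the values are supplied separately,
        // so the driver always treats them as data, never as SQL syntax.
        String sql = "select * from student where StuName = ? and Stupwd = ? ";

        // NOTE(review): this connects as root with a password hard-coded in source.
        // Outside a local demo, use a least-privilege account limited to the rights the
        // login query needs, and load the credentials from configuration or a secret
        // store instead of committing them.
        // NOTE(review): comparing StuPwd directly in SQL suggests passwords are stored
        // in plaintext - confirm. A production schema should store a salted password
        // hash (bcrypt/scrypt/argon2) and verify it in application code.
        try (Connection conn = DriverManager.getConnection(
                     "jdbc:mysql://localhost:3306/db1?useUnicode=true&characterEncoding=utf8",
                     "root",
                     "x");
             PreparedStatement pre = conn.prepareStatement(sql)) {

            // Bind the placeholders (JDBC parameter indexes start at 1).
            pre.setString(1, StuName);
            pre.setString(2, StuPwd);

            // A single matching row is enough to accept the login.
            try (ResultSet resultSet = pre.executeQuery()) {
                return resultSet.next();
            }
        }
    }
}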
